PRIVACY: Do not store IP address more than 4 years

[tiblu]

What is the problem?

Privacy policy states that we keep User IP for 3 months. It will be updated to be 4 years to be compliant with GDPR

The reality is that Citizen OS has User IP stored for more than 4 years as we don't have any automation to remove them:

• In Activities table inside actor object.
• In database backups older than 4 years.

Why is this a problem?

It goes against Citizen OS privacy policy - https://citizenos.com/legal/privacy/

Possible solution.

• Put in place a mechanism that will continuously mask/obfuscate/remove IP address in the actor object in the Activities table for activities older than 4 years. We MAY want to use obfuscation to connect different activites from same IP while NOT actually connecting to a person.
• Put in place a mechanism that will continuously remove all DB backups older than 4 years.
• Any other places?

Related issues

• This issue created in the context of LEGAL: INSERT, UPDATE, DELETE - Store Users IP address #102

[ilmartyrk]

@tiblu, we should actually store IP for 4 years #102 (comment)
I have changed the issue and replaced your initial texts from 3-months to 4 years. We will get our PP updated by @KatiVellak

[anettlinno]

Triage 60. Important update. We need to automate removing IPs after 4 years of storage. Est. dev time 8 hours. Sending to development.

[BeccaMelhuish]

@ssin1901 @ilmartyrk Will put this to 'soon' as it seems important if not already fixed